
    The Use of Firewalls in an Academic Environment


    Secure Remote Control and Configuration of FPX Platform in Gigabit Ethernet Environment

    Because of its flexibility and high performance, reconfigurable logic functions implemented on the Field-programmable Port Extender (FPX) are well suited for implementing network processing such as packet classification, filtering and intrusion detection functions. This project focuses on two key aspects of the FPX system. One is providing a Gigabit Ethernet interface by designing logic for an FPGA located on a line card. Address Resolution Protocol (ARP) packets are handled in hardware, and Ethernet frames are processed and transformed into cells suitable for standard FPX applications. The other effort is to provide a secure channel that enables remote control and configuration of the FPX system over the public Internet. A suite of security hardware cores was implemented, including the Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Hashed Message Authentication Code (HMAC), Message Digest Version 5 (MD5) and Secure Hash Algorithm (SHA-1). An architecture and an associated protocol have been developed that provide a secure communication channel between a control console and a hardware-based reconfigurable network node. This solution is unique in that it does not require a software process to run on the network stack, so it has higher performance and also prevents the node from being compromised through traditional vulnerabilities found in common operating systems. The mechanism can be applied to the design and implementation of remotely managed FPX systems. A hardware module called the Secure Control Packet Processor (SCPP) has been designed for an FPX-based firewall. It uses AES or 3DES in Error Propagation Block Chaining (EPBC) mode to ensure data confidentiality and data integrity. There is also an authentication engine that uses HMAC to generate the acknowledgments. The system can protect the FPX system against attacks that may be sent over the control and configuration channel. Based on this infrastructure, an enhanced protocol is presented that provides higher efficiency and can defend against replay attacks. To support it, a control cell encryption module was designed and tested in the FPX system.

    Applying Formal Methods to Networking: Theory, Techniques and Applications

    Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design, especially the software defined networking (SDN) paradigm, offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to the specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.
    Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

    Dataplane Specialization for High-performance OpenFlow Software Switching

    OpenFlow is an amazingly expressive dataplane programming language, but this expressiveness comes at a severe performance price as switches must do excessive packet classification in the fast path. The prevalent OpenFlow software switch architecture is therefore built on flow caching, but this imposes intricate limitations on the workloads that can be supported efficiently and may even open the door to malicious cache overflow attacks. In this paper we argue that instead of enforcing the same universal flow cache semantics on all OpenFlow applications and optimizing for the common case, a switch should rather automatically specialize its dataplane piecemeal with respect to the configured workload. We introduce ESWITCH, a novel switch architecture that uses on-the-fly template-based code generation to compile any OpenFlow pipeline into efficient machine code, which can then be readily used as the fast path. We present a proof-of-concept prototype and we demonstrate on illustrative use cases that ESWITCH yields a simpler architecture, superior packet processing speed, improved latency and CPU scalability, and predictable performance. Our prototype can easily scale beyond 100 Gbps on a single Intel blade even with complex OpenFlow pipelines.

    Improving network intrusion detection system performance through quality of service configuration and parallel technology

    This paper outlines an innovative software development that utilizes Quality of Service (QoS) and parallel technologies in Cisco Catalyst Switches to increase the analytical performance of a Network Intrusion Detection and Protection System (NIDPS) when deployed in high-speed networks. We have designed a real network to present experiments that use a Snort NIDPS. Our experiments demonstrate the weaknesses of NIDPSes, such as the inability to process multiple packets and the propensity to drop packets in heavy traffic and high-speed networks without analysing them. We tested Snort's analysis performance, gauging the number of packets sent, analysed, dropped, filtered, injected, and outstanding. We suggest using QoS configuration technologies in a Cisco Catalyst 3560 Series Switch and parallel Snorts to improve NIDPS performance and to reduce the number of dropped packets. Our results show that our novel configuration improves performance.

    The Analysis of a Link between a Remote Local Area Network and its Server Resources

    As the Air Force transitions to an expeditionary force, the service's ability to provide computer capabilities at remote locations becomes more and more paramount. One way to provide this support is to create a Local Area Network (LAN) in which the workstations are positioned at the deployed location while the servers are maintained at a Main Operating Base (MOB). This saves the military money, because it eliminates the need to purchase and deploy server equipment as well as the need to deploy personnel to set up and maintain the servers. There is, however, a tradeoff. As the number of personnel at the deployed location increases and their computing requirements change, the link between the deployed location and the MOB can become saturated, causing degraded performance. This research looks at how the number of personnel at the deployed location and the types of applications they are using affect the link and the overall system performance. It also examines the effects of adding a server to the deployed location. The results of this study show that the network as configured can support up to 30 users. With the addition of an FTP server at the deployed location, the system can handle 50 users. The system was only able to handle 70 users under the lightest application loads. If the network must support over 50 users, more bandwidth is needed between the deployed location and the MOB.

    Information System Strategic Planning for M Group

    M Group is a company engaged in the fields of pharmacy, eye health and food. Along with the rapid growth of the company come the problems of how to make use of the Information Technology department as optimally as possible and how to build a blueprint of its strategy for handling a variety of issues and programs or initiatives to support the company's business strategy. This study aims to produce an information technology strategic plan for M Group. The research method used is John Ward and Joe Peppard's framework for strategic planning of information technology and Scott A. Bernard's Enterprise Architecture documentation. This study uses SWOT analysis, IT Balanced Scorecard and Cost Benefit Analysis as strategic tools to analyze the Information System needs of M Group. After conducting the analysis, an Information System (IS) strategic plan is proposed for M Group for the next years (2020), which includes IS business strategies, IS/IT Management Strategy, Information System (IS) strategy and a future application portfolio. The results of the analysis and the proposed strategies for M Group are documented using the Enterprise Architecture Documentation.